warzonerat | 58679b062a4049ab0b5a1ebc39c87bac639ea2d8902243c0739250abaa82c13d | Triage

Submit
Reports

Overview

overview

Static

static

Dhl shipme...00.exe

windows7-x64

Dhl shipme...00.exe

windows10-2004-x64

Sharing

General

Target

Dhl shipment 452869074700.exe
Size

868KB
Sample

221207-h6nrjsaa31
MD5

e7a39f97d03ec982df461b972e26e932
SHA1

d547036046730d5c0eaa681edd6473c94d43518c
SHA256

58679b062a4049ab0b5a1ebc39c87bac639ea2d8902243c0739250abaa82c13d
SHA512

877d74ad7247e2188423e3ef28c704c7c043728ecb4141544e3fb2dc1ee6dd56b95b61fa0b66df37d7d090edd10b7a127724c317d7072b1a8e89105919c8966e
SSDEEP

12288:roQgKZ/nXt7virmWhlGLaQYImNz+GBlr/NpoplnJjCGry/nFWJGn/nDbee3Opjma:MtpawTnEs/nDV+p

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Dhl shipment 452869074700.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dhl shipment 452869074700.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Dhl shipment 452869074700.exe
- Size
  
  868KB
- MD5
  
  e7a39f97d03ec982df461b972e26e932
- SHA1
  
  d547036046730d5c0eaa681edd6473c94d43518c
- SHA256
  
  58679b062a4049ab0b5a1ebc39c87bac639ea2d8902243c0739250abaa82c13d
- SHA512
  
  877d74ad7247e2188423e3ef28c704c7c043728ecb4141544e3fb2dc1ee6dd56b95b61fa0b66df37d7d090edd10b7a127724c317d7072b1a8e89105919c8966e
- SSDEEP
  
  12288:roQgKZ/nXt7virmWhlGLaQYImNz+GBlr/NpoplnJjCGry/nFWJGn/nDbee3Opjma:MtpawTnEs/nDV+p
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy